mirror of
https://github.com/python/cpython.git
synced 2025-08-03 16:39:00 +00:00
#7159: generalize urllib prior auth support.
This fix is a superset of the functionality introduced by the issue #19494 enhancement, and supersedes that fix. Instead of a new handler, we have a new password manager that tracks whether we should send the auth for a given uri. This allows us to say "always send", satisfying #19494, or track that we've succeeded in auth and send the creds right away on every *subsequent* request. The support for using the password manager is added to AbstractBasicAuth, which means the proxy handler also now can handle prior auth if passed the new password manager. Patch by Akshit Khurana, docs mostly by me.
This commit is contained in:
R David Murray
parent
6297fecbd1
commit
4c7f995e80
6 changed files with 220 additions and 51 deletions
|
|
@ -283,13 +283,36 @@ The following classes are provided:
|
|||
fits.
|
||||
|
||||
|
||||
.. class:: HTTPPasswordMgrWithPriorAuth()
|
||||
|
||||
A variant of :class:`HTTPPasswordMgrWithDefaultRealm` that also has a
|
||||
database of ``uri -> is_authenticated`` mappings. Can be used by a
|
||||
BasicAuth handler to determine when to send authentication credentials
|
||||
immediately instead of waiting for a ``401`` response first.
|
||||
|
||||
.. versionadded:: 3.5
|
||||
|
||||
|
||||
.. class:: AbstractBasicAuthHandler(password_mgr=None)
|
||||
|
||||
This is a mixin class that helps with HTTP authentication, both to the remote
|
||||
host and to a proxy. *password_mgr*, if given, should be something that is
|
||||
compatible with :class:`HTTPPasswordMgr`; refer to section
|
||||
:ref:`http-password-mgr` for information on the interface that must be
|
||||
supported.
|
||||
supported. If *passwd_mgr* also provides ``is_authenticated`` and
|
||||
``update_authenticated`` methods (see
|
||||
:ref:`http-password-mgr-with-prior-auth`), then the handler will use the
|
||||
``is_authenticated`` result for a given URI to determine whether or not to
|
||||
send authentication credentials with the request. If ``is_authenticated``
|
||||
returns ``True`` for the URI, credentials are sent. If ``is_authenticated
|
||||
is ``False``, credentials are not sent, and then if a ``401`` response is
|
||||
received the request is re-sent with the authentication credentials. If
|
||||
authentication succeeds, ``update_authenticated`` is called to set
|
||||
``is_authenticated`` ``True`` for the URI, so that subsequent requests to
|
||||
the URI or any of its super-URIs will automatically include the
|
||||
authentication credentials.
|
||||
|
||||
.. versionadded:: 3.5: added ``is_authenticated`` support.
|
||||
|
||||
|
||||
.. class:: HTTPBasicAuthHandler(password_mgr=None)
|
||||
|
|
@ -301,17 +324,6 @@ The following classes are provided:
|
|||
presented with a wrong Authentication scheme.
|
||||
|
||||
|
||||
.. class:: HTTPBasicPriorAuthHandler(password_mgr=None)
|
||||
|
||||
A variant of :class:`HTTPBasicAuthHandler` which automatically sends
|
||||
authorization credentials with the first request, rather than waiting to
|
||||
first receive a HTTP 401 "Unauthorised" error response. This allows
|
||||
authentication to sites that don't provide a 401 response when receiving
|
||||
a request without an Authorization header. Aside from this difference,
|
||||
this behaves exactly as :class:`HTTPBasicAuthHandler`.
|
||||
|
||||
.. versionadded:: 3.5
|
||||
|
||||
.. class:: ProxyBasicAuthHandler(password_mgr=None)
|
||||
|
||||
Handle authentication with the proxy. *password_mgr*, if given, should be
|
||||
|
|
@ -852,6 +864,42 @@ These methods are available on :class:`HTTPPasswordMgr` and
|
|||
searched if the given *realm* has no matching user/password.
|
||||
|
||||
|
||||
.. _http-password-mgr-with-prior-auth:
|
||||
|
||||
HTTPPasswordMgrWithPriorAuth Objects
|
||||
------------------------------------
|
||||
|
||||
This password manager extends :class:`HTTPPasswordMgrWithDefaultRealm` to support
|
||||
tracking URIs for which authentication credentials should always be sent.
|
||||
|
||||
|
||||
.. method:: HTTPPasswordMgrWithPriorAuth.add_password(realm, uri, user, \
|
||||
passwd, is_authenticated=False)
|
||||
|
||||
*realm*, *uri*, *user*, *passwd* are as for
|
||||
:meth:`HTTPPasswordMgr.add_password`. *is_authenticated* sets the initial
|
||||
value of the ``is_authenticated`` flag for the given URI or list of URIs.
|
||||
If *is_authenticated* is specified as ``True``, *realm* is ignored.
|
||||
|
||||
|
||||
.. method:: HTTPPasswordMgr.find_user_password(realm, authuri)
|
||||
|
||||
Same as for :class:`HTTPPasswordMgrWithDefaultRealm` objects
|
||||
|
||||
|
||||
.. method:: HTTPPasswordMgrWithPriorAuth.update_authenticated(self, uri, \
|
||||
is_authenticated=False)
|
||||
|
||||
Update the ``is_authenticated`` flag for the given *uri* or list
|
||||
of URIs.
|
||||
|
||||
|
||||
.. method:: HTTPPasswordMgrWithPriorAuth.is_authenticated(self, authuri)
|
||||
|
||||
Returns the current state of the ``is_authenticated`` flag for
|
||||
the given URI.
|
||||
|
||||
|
||||
.. _abstract-basic-auth-handler:
|
||||
|
||||
AbstractBasicAuthHandler Objects
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue